Lucene search
+L

330 matches found

OSV
OSV
added 2026/07/07 4:52 p.m.5 views

GO-2026-5496 Improper single-quote escaping in go-git SSH transport in github.com/go-git/go-git

Improper single-quote escaping in go-git SSH transport in github.com/go-git/go-git...

9.6CVSS5.9AI score0.00365EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2665-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2665-1 advisory. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...

10CVSS7.4AI score0.01557EPSS
Exploits1References44
OSV
OSV
added 2026/06/26 2:5 p.m.2 views

SUSE-SU-2026:2665-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...

10CVSS7.3AI score0.01557EPSS
Exploits1References26
OSV
OSV
added 2026/06/26 9:25 a.m.3 views

OPENSUSE-SU-2026:21072-1 Security update for trivy

This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...

9.9CVSS5.8AI score0.00412EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/06/23 6:6 p.m.44 views

CVE-2026-54323 Daytona: Git credential leak via git clone with TLS verification disabled

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS0.00117EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

SUSE SLES15 Security Update : amazon-ssm-agent (SUSE-SU-2026:2467-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2467-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.13 views

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
SUSE Linux
SUSE Linux
added 2026/06/19 11:3 a.m.31 views

Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702...

9.1CVSS6.8AI score0.00868EPSS
Exploits3References62
OSV
OSV
added 2026/06/17 4:31 p.m.4 views

SUSE-SU-2026:22157-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702. ...

10CVSS6.9AI score0.00868EPSS
Exploits3References31
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-45570

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

9.6CVSS5.5AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.15 views

CVE-2026-45571

A flaw was found in go-git, a Git implementation library. This path validation vulnerability allows an attacker to use specially crafted repository data. This data can cause go-git to modify or access files outside of the intended repository checkout, including critical .git directory files,...

5.4CVSS5.9AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.13 views

CVE-2026-45022

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

7.5CVSS5.4AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44309

A flaw was found in gitsign, a tool used for signing Git commits. This vulnerability, affecting the verify and verify-tag functions, occurs because gitsign re-encodes commit and tag objects before validating their signatures. A remote attacker could exploit this by crafting a malformed git object...

5.3CVSS5.3AI score0.00119EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 7:43 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/29 7:43 p.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/29 7:43 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/29 7:43 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 7:43 p.m.33 views

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

6.5CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/05/28 9:11 p.m.2 views

CVE-2026-44881 Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

8.5CVSS7.2AI score0.00416EPSS
Exploits2References3
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:7 a.m.4 views

go-git: Improper single-quote escaping in go-git SSH transport

...

9.6CVSS6.1AI score0.00365EPSS
Exploits0
Rows per page
Query Builder